Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Wednesday August 29 2018, @08:04PM   Printer-friendly
from the stop-whining-we-can-see-you dept.

Daniel Genkin of the University of Michigan, Mihir Pattani of the University of Pennsylvania, Roei Schuster of Cornell Tech and Tel Aviv University, and Eran Tromer of Tel Aviv University and Columbia University investigated a potential new avenue of remote surveillance that they have dubbed "Synesthesia"[1]: a side-channel attack that can reveal the contents of a remote screen, providing access to potentially sensitive information based solely on "content-dependent acoustic leakage from LCD screens."

The research, supported by the Check Point Institute for Information Security at Tel Aviv University[2] (of which Schuster and Tromer are members) and funded in part by the Defense Advanced Research Projects Agency, examined what amounts to an acoustic form of Van Eck phreaking. While Van Eck phreaking uses radio signal emissions that leak from display connectors, the Synesthesia research leverages "coil whine," the audio emissions from transformers and other electronic components powering a device's LCD display.

source: https://arstechnica.com/information-technology/2018/08/researchers-find-way-to-spy-on-remote-screens-through-the-webcam-mic/
archived: https://archive.fo/ZmO62

[1] https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf & https://www.cs.tau.ac.il/~tromer/synesthesia/
[2] http://cpiis.cs.tau.ac.il/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by SemperOSS on Wednesday August 29 2018, @09:12PM (9 children)

    by SemperOSS (5072) on Wednesday August 29 2018, @09:12PM (#728011)

    So, what are the bandwidth requirements for this?

    Assume a screen of 1,024 by 800 pixels (smallish screen) = 819,200 pixels. Assume a refresh rate of 24 Hz (slow refresh rate), that's 19,660,800 updates per second. With a black and white screen (i.e. one bit per pixel), you would need a bandwidth of more then 19 MHz to decipher the screen properly and 24 times that with 8-bit per colour RGB pixels. I think that even the best microphones would have problem with that bandwidth.

    They may be able to gain partial insight in some of the lower frequency, per whole line, information, like the overall intensity, but beyond that I'd like to see a demonstration before I accept it.

    --
    I don't need a signature to draw attention to myself.
    Maybe I should add a sarcasm warning now and again?
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Informative) by dbe on Wednesday August 29 2018, @09:32PM

    by dbe (1422) on Wednesday August 29 2018, @09:32PM (#728025)

    The answer is at the end of the article:

    all the letters were capitalized (in the Fixedsys Excelsior typeface with a character size 175 pixels wide) and black on an otherwise white screen.

    So a very low bandwidth indeed, a sort of low quality TEMPEST system...
    https://en.wikipedia.org/wiki/Tempest_(codename) [wikipedia.org]

    -dbe

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday August 29 2018, @09:34PM (3 children)

    by Anonymous Coward on Wednesday August 29 2018, @09:34PM (#728026)

    Except that isn't actually needed if you aren't trying to read pixels which are changing every refresh.

    Generally the most important thing to someone spying on you will be text. Text tends to have decent contrast, and the pixels tend to change very infrequently. So it is completely conceivable that some kind of statistical averaging could be done over a large number of frames, which would reveal the text being displayed.

    • (Score: 3, Funny) by requerdanos on Wednesday August 29 2018, @10:10PM (2 children)

      by requerdanos (5997) Subscriber Badge on Wednesday August 29 2018, @10:10PM (#728034) Journal

      most important thing to someone spying on you will be text.

      We have determined that your password is:

      *******

      • (Score: 2) by Azuma Hazuki on Wednesday August 29 2018, @10:55PM (1 child)

        by Azuma Hazuki (5086) on Wednesday August 29 2018, @10:55PM (#728053) Journal

        It's hunter2, it just looks like ******* to everyone else =p

        --
        I am "that girl" your mother warned you about...
  • (Score: 0) by Anonymous Coward on Wednesday August 29 2018, @09:36PM

    by Anonymous Coward on Wednesday August 29 2018, @09:36PM (#728028)

    To reconstruct every pixel of every frame, yes. But if the screen is static, not at all. Their research uses 'zebras' (black and white stripes) as proof of concept but it's not limited to such a pronounced signal.

    Your post also has a distinct error, not just a failure to read the article. Assuming a relatively static screen, ie.not a wildly flashing strobe video, the same pixel will have a similar value from frame to frame, so in fact the 'refresh rate' doesn't apply at all, because of how sampling and aliasing apply.

  • (Score: 2) by RandomFactor on Wednesday August 29 2018, @10:39PM (1 child)

    by RandomFactor (3682) Subscriber Badge on Wednesday August 29 2018, @10:39PM (#728044) Journal

    So they reinvented the modem?

    --
    В «Правде» нет известий, в «Известиях» нет правды
    • (Score: 3, Interesting) by Osamabobama on Thursday August 30 2018, @05:07PM

      by Osamabobama (5842) on Thursday August 30 2018, @05:07PM (#728329)

      The word 'modem' comes from 'modulator/demodulator,' which describes the process of encoding and decoding data in duplex communications. In this case, the microphone isn't demodulating, as it is only sending the data. On the other end, the receiver would need to demodulate the data in order to make use of it. Two separate devices, so not a modem.

      If you like, you could say they reinvented the A/D converter, but of course that's not true, either.

      --
      Appended to the end of comments you post. Max: 120 chars.
  • (Score: 1, Interesting) by Anonymous Coward on Thursday August 30 2018, @12:37AM

    by Anonymous Coward on Thursday August 30 2018, @12:37AM (#728083)

    Imagine getting passwords from someone typing on say, a tablet with an on-screen keyboard, with just the microphone.
    You don't need terribly high bandwidth to get roughly which part of the screen changed and when.